From e8b33c31393b3714c0cfeb3b6106aa6a1f9f03f1 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Thu, 11 Oct 2018 10:49:59 -0700
Subject: [PATCH] Add type for /system/bin/tcpdump.

We add this type with the intent to expose /system/bin/tcpdump to
vendor on userdebug devices only.

Bug: 111243627
Test: device boots /system/bin/tcpdump correctly labeled as
tcpdump_exec, can browse internet, turn wifi on/off
Change-Id: Icb35e84c87120d198fbb2b44edfa5edf6021d0f0
---
 private/compat/28.0/28.0.cil | 1 +
 private/file_contexts        | 1 +
 public/file.te               | 2 ++
 3 files changed, 4 insertions(+)

diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index e84c3adbe..e76bc2d6d 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1571,6 +1571,7 @@
     system_linker_exec
     system_seccomp_policy_file
     system_security_cacerts_file
+    tcpdump_exec
     system_zoneinfo_file
 ))
 (typeattributeset systemkeys_data_file_28_0 (systemkeys_data_file))
diff --git a/private/file_contexts b/private/file_contexts
index 9046ee1c0..5e744192e 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -198,6 +198,7 @@
 /system/bin/sload_f2fs	--	u:object_r:e2fs_exec:s0
 /system/bin/make_f2fs	--	u:object_r:e2fs_exec:s0
 /system/bin/fsck_msdos	--	u:object_r:fsck_exec:s0
+/system/bin/tcpdump	--	u:object_r:tcpdump_exec:s0
 /system/bin/tune2fs	--	u:object_r:fsck_exec:s0
 /system/bin/toolbox	--	u:object_r:toolbox_exec:s0
 /system/bin/toybox	--	u:object_r:toolbox_exec:s0
diff --git a/public/file.te b/public/file.te
index 9bf910ee7..e9fb1a626 100644
--- a/public/file.te
+++ b/public/file.te
@@ -146,6 +146,8 @@ type system_seccomp_policy_file, system_file_type, file_type;
 type apex_key_file, system_file_type, file_type;
 # Default type for cacerts in /system/etc/security/cacerts/*.
 type system_security_cacerts_file, system_file_type, file_type;
+# Default type for /system/bin/tcpdump.
+type tcpdump_exec, system_file_type, exec_type, file_type;
 # Default type for zoneinfo files in /system/usr/share/zoneinfo/*.
 type system_zoneinfo_file, system_file_type, file_type;
 
-- 
GitLab